On Fri, May 06, 2011 at 10:00:53AM -0500, Doug Goldstein wrote:
Allow the CA certificate to come from the user's home directory or from
the global location independently of the client certificate/key pair.
Mostly for the case when each user on a system has their own cert/key
pair but the system as a whole shares the same CA.
Signed-off-by: Doug Goldstein <cardoe(a)gentoo.org>
---
src/remote/remote_driver.c | 19 ++++++++++++-------
1 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 4c3bdf3..9965d38 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1222,21 +1222,26 @@ initialize_gnutls(char *pkipath, int flags)
"clientcert.pem")) < 0)
goto out_of_memory;
- /* Use default location as long as one of CA certificate,
+ /* Use the default location of the CA certificate if it
+ * cannot be found in $HOME/.pki/libvirt
+ */
+ if (!virFileExists(libvirt_cacert)) {
+ VIR_FREE(libvirt_cacert);
+
+ libvirt_cacert = strdup(LIBVIRT_CACERT);
+ if (!libvirt_cacert) goto out_of_memory;
+ }
+
+ /* Use default location as long as one of
* client key, and client certificate cannot be found in
* $HOME/.pki/libvirt, we don't want to make user confused
* with one file is here, the other is there.
*/
- if (!virFileExists(libvirt_cacert) ||
- !virFileExists(libvirt_clientkey) ||
+ if (!virFileExists(libvirt_clientkey) ||
!virFileExists(libvirt_clientcert)) {
- VIR_FREE(libvirt_cacert);
VIR_FREE(libvirt_clientkey);
VIR_FREE(libvirt_clientcert);
- libvirt_cacert = strdup(LIBVIRT_CACERT);
- if (!libvirt_cacert) goto out_of_memory;
-
libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY);
if (!libvirt_clientkey) goto out_of_memory;
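Review bot: the comment kept above the client key/certificate check still reads "we don't want to make user confused with one file is here, the other is there", yet with the new CA block a CA from LIBVIRT_CACERT can now be combined with a key and certificate from $HOME/.pki/libvirt. Reword it to say that only the client key and client certificate are kept together as a pair, and change "one of client key, and client certificate" to "either the client key or the client certificate". Because the trust anchor is now selected independently of the key pair, a debug message naming the CA path that was chosen would make it easier to tell which CA a connection is actually validated against. The diffstat touches only src/remote/remote_driver.c, so the documented certificate lookup order needs a matching update.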
ACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|